ChaCha20 Explicitly Set Counter #1010
                
     Open
            
            
          
  Add this suggestion to a batch that can be applied as a single commit.
  This suggestion is invalid because no changes were made to the code.
  Suggestions cannot be applied while the pull request is closed.
  Suggestions cannot be applied while viewing a subset of changes.
  Only one suggestion per line can be applied in a batch.
  Add this suggestion to a batch that can be applied as a single commit.
  Applying suggestions on deleted lines is not supported.
  You must change the existing code in this line in order to create a valid suggestion.
  Outdated suggestions cannot be applied.
  This suggestion has been applied or marked resolved.
  Suggestions cannot be applied from pending reviews.
  Suggestions cannot be applied on multi-line comments.
  Suggestions cannot be applied while the pull request is queued to merge.
  Suggestion cannot be applied right now. Please check back later.
  
    
  
    
Feature: Set Counter in ChaCha20 Cipher's Initializer
Checklist:
Changes proposed in this pull request:
Are there any reasons, security or otherwise, that the leading 4 bytes in the
ChaCha20Cipher'scounterparam can't be explicitly set to something other than[0, 0, 0, 0]?I'm trying to generate a QUIC header protection mask (as discussed in RFC 9001 - section 5.4.4) and it requires the 4 byte prefix in the
counterto be explicitly set upon the cipher's initialization.The change proposed in this PR is to add a
counterparam to the ChaCha20 initializer that defaults to the standard 4 zero bytes. The default value prevents breaking changes while keeping only a single initializer. I also wasn't sure what API would be preferable...counterparam in the current initializer (this way the user knows for sure they're setting the counter).Either method would allow for the following to be accomplished...
Example from RFC 9001 Appendix A.5 Quic v1
Let me know what you think
Thanks